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(57)Abstract: 

PROBLEM TO BE SOLVED: To provide a network 
management system ensuring the security, and a 
network repeater and a network management device 
used for the system. 

SOLUTION: The network repeater 101 transmits 
information of a terminal 105 connected to the repeater 
101 to the network management device 103, which 
returns information denoting an access 
permission/inhibition to the network repeater 101 
depending on the terminal information, and the network 
repeater 101 sets use permission/use inhibit to a port to 
which the terminal 105 is connected based on the 
access permission/inhibition information. Since the 
permission/inhibition of the port to which the terminal 
105 is connected is set depending on the terminal 
information managed by the network management device 
103, the security is ensured without disturbing the use 
of a legal terminal. 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

LThis document has been translated by computer. So the translation may not reflect 
the original precisely. 

2.**** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 

[Claim(s)] 

[Claim 1 Jlnformation on a terminal connected from network relay apparatus is 
transmitted to a network management device, Information the network management 
device indicates an access permit/prohibition to be according to said terminal 
information is replied to said network relay apparatus, A network management system 
setting up a port where said network relay apparatus has connected a terminal based 
on said access permit/inhibition information improper [ usable/use ]. 
[Claim 2]The network management system according to claim 1, wherein said terminal 
information is the identification information of a user who is using the terminal 
concerned. 

[Claim 3]The network management system according to claim 1, wherein said terminal 
information is a host name of the terminal concerned. 

[Claim 4]The network management system according to claim 1, wherein said terminal 
information is an IP address of the terminal concerned. 

[Claim 5]The network management system according to claim 1, wherein said terminal 
information is a MAC Address of the terminal concerned. 
[Claim 6]Network relay apparatus provided with a function which transmits 
information on a terminal connected to a network management device in network 
relay apparatus. 

[Claim 7]When information which shows an access permit/prohibition from said 
network management device as a reply to transmission of said terminal information is 
received, The network relay apparatus according to claim 6 provided with a function to 
set up a port which has connected a terminal based on this access permit/inhibition 
information improper [ usable/use ]. 

[Claim 8]The network relay apparatus according to claim 6 or 7 provided with a 
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function which can perform setting out in a port which transmits said terminal 

information to a network management device, and a port which does not transmit said 

terminal information to a network management device for every port. 

[Claim 9]The network relay apparatus according to claim 8 provided with a function in 

which use propriety of a port can be arbitrarily set up to a port which does not 

transmit said terminal information to a network management device. 

[Claim 10]claims 6-9 provided with a function in which it can be specified to which 

network management device said terminal information is transmitted — either — 

network relay apparatus of a statement. 

[Claim 1 1]claims 6-10 having a function which use propriety of a port where a terminal 
is connected can set up beforehand when there is no reply from said network 
management device to transmission of said terminal information — either — network 
relay apparatus of a statement. 

[Claim 12]claims 6-11, wherein said terminal information is the identification 
information of a user who is using the terminal concerned acquired from the contents 
of data which the terminal concerned transmits — either — network relay apparatus 
of a statement. 

[Claim 13]As for said terminal information, claims 6-1 1 being the host names of the 

terminal concerned acquired from the contents of data which the terminal concerned 

transmits are network relay apparatus of a statement either. 

[Claim 14]claims 6-11, wherein said terminal information is an IP address of the 

terminal concerned acquired from the contents of data which the terminal concerned 

transmits — either — network relay apparatus of a statement. 

[Claim 15]claims 6-11, wherein said terminal information is a MAC Address of the 

terminal concerned acquired from the contents of data which the terminal concerned 

transmits — either — network relay apparatus of a statement. 

[Claim 1 6]A network management device characterized by having a function to reply 

information which shows an access permit/prohibition according to said terminal 

information to said network relay apparatus when information on a terminal is received 

from network relay apparatus in a network management device. 

[Claim 17]The network management device according to claim 16 provided with a 

function in which correspondence with information which shows the access 

permit/prohibition which should be replied to said network relay apparatus, and said 

terminal information is manageable. 

[Claim 18]The network management device according to claim 16 or 17, wherein said 
terminal information is the identification information of a user who is using the 
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terminal concerned. 

[Claim 19]The network management device according to claim 16 or 17, wherein said 
terminal information is a host name of the terminal concerned. 

[Claim 20]The network management device according to claim 16 or 17, wherein said 

terminal information is an IP address of the terminal concerned. 

[Claim 21]The network management device according to claim 16 or 17, wherein said 

terminal information is a MAC Address of the terminal concerned. 

[Claim 22]IP subnet which specifies two or more IP addresses by making an IP 

address and an effective-bits mask value into a group is used, The network 

management device according to claim 20 provided with a function to define 

correspondence with this IP subnet, and an access permit/inhibition information, and 

to manage correspondence with said access permit/inhibition information, and an IP 

address of said terminal in the light of this definition. 

[Claim 23]claims 16-22 provided with a function in which the contents of transmission 
from said network relay apparatus and the reply to that transmission are recorded as 
a log, and this log can be referred to from a management screen — either — a 
network management device of a statement 
[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention relates to the network management system 
which used network relay apparatus, and relates to the network relay apparatus and 
the network management device which are used for the network management system 
and it which can secure security especially. 
[0002] 

[Description of the Prior Art]Many network relay apparatus is provided with the 
setting up function of the use propriety of a port. If a port is set up improper [ use ], 
the network equipment connected to the port cannot communicate via said network 
relay apparatus. 
[0003] 

[Problem(s) to be Solved by the Invention]If the port is set up usable even if it 
connects which terminal to the network relay apparatus currently installed on the 
network, the terminal can communicate via said network relay apparatus. Temporarily, 
it can communicate similarly at the terminal of the invader from the outside with bad 
faith. If a port is set up improper [ use ] so that an invader's terminal cannot access a 
network, the terminal in which a network should be essentially allowed access is also 
made to access a network. Thus, in the network management system using 



conventional network relay apparatus, reservation of security is difficult. 
[0004]Then, the purpose of this invention solves an aforementioned problem and 
there is in providing the network relay apparatus and the network management device 
which are used for the network management system and it which can secure security. 
[0005] 

[Means for Solving the ProblemjTo achieve the above objects, a network management 
device of this invention, Information on a terminal connected from network relay 
apparatus is transmitted to a network management device, Information the network 
management device indicates an access permit/prohibition to be according to said 
terminal information is replied to said network relay apparatus, and a port where said 
network relay apparatus has connected a terminal based on said access 
permit/inhibition information is set up improper [ usable/use ]. 

[0006]Said terminal information may be the identification information of a user who is 
using the terminal concerned. 

[0007]Said terminal information may be a host name of the terminal concerned. 
[0008]Said terminal information may be an IP address of the terminal concerned. 
[0009]Said terminal information may be a MAC Address of the terminal concerned. 
[0010]Network relay apparatus of this invention is provided with a function which 
transmits information on a terminal connected to a network management device. 
[0011]When information which shows an access permit/prohibition from said network 
management device as a reply to transmission of said terminal information is received, 
it may have a function to set up a port which has connected a terminal based on this 
access permit/inhibition information improper [ usable/use ]. 

[001 2]It may have a function which can perform setting out in a port which transmits 
said terminal information to a network management device, and a port which does not 
transmit said terminal information to a network management device for every port. 
[001 3]It may have a function which use propriety of a port can set up arbitrarily to a 
port which does not transmit said terminal information to a network management 
device. 

[0014]It may have a function in which it can be specified to which network 
management device said terminal information is transmitted. 

[0015]When there is no reply from said network management device to transmission 
of said terminal information, it may have a function which use propriety of a port 
where a terminal is connected can set up beforehand. 

[0016]Said terminal information may be the identification information of a user who is 
using the terminal concerned acquired from the contents of data which the terminal 
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concerned transmits. 

[0017]Said terminal information may be a host name of the terminal concerned 
acquired from the contents of data which the terminal concerned transmits. 
[0018]Said terminal information may be an IP address of the terminal concerned 
acquired from the contents of data which the terminal concerned transmits. 
[0019]Said terminal information may be a MAC Address of the terminal concerned 
acquired from the contents of data which the terminal concerned transmits. 
[0020]A network management device of this invention is provided with a function to 
reply information which shows an access permit/prohibition according to said terminal 
information to said network relay apparatus when information on a terminal is received 
from network relay apparatus. 

[0021 ]It may have a function in which correspondence with information which shows 
the access permit/prohibition which should be replied to said network relay apparatus, 
and said terminal information is manageable. 

[0022]Said terminal information may be the identification information of a user who is 
using the terminal concerned. 

[0023]Said terminal information may be a host name of the terminal concerned. 
[0024]Said terminal information may be an IP address of the terminal concerned. 
[0025]Said terminal information may be a MAC Address of the terminal concerned. 
[0026]IP subnet which specifies two or more IP addresses by making an IP address 
and an effective-bits mask value into a group is used, Correspondence with this IP 
subnet, and an access permit/inhibition information is defined, and it may have a 
function to manage correspondence with said access permit/inhibition information, 
and an IP address of said terminal in the light of this definition. 
[0027]The contents of transmission from said network relay apparatus and the reply 
to that transmission may be recorded as a log, and it may have a function in which this 
log can be referred to from a management screen. 
[0028] 

[Embodiment of the Invention] Hereafter, the embodiment of this invention is explained 
in full detail based on an accompanying drawing. 

[0029] 1) As shown in the first embodiment drawing 1 , the network management 

system concerning this invention is provided with the following. 

Two sets of network relay apparatus 101,102 concerning this invention. 

The network management device 103 concerning this invention. 

Network relay apparatus is a switching hub, for example. 

[0030]As shown in drawing 2 , the switching hub 201 comprises No. 1 - the No. 5 ports 
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202-206, the junction circuit 207, the processor 208, and memory 209 grade. 
[0031 ]The processing which an administrator performs to below to the processing and 
network relay apparatus which the network relay apparatus of switching hub 201 
grade performs is shown. 

[0032](1) Beforehand, the administrator sets up whether the information on the 
terminal is transmitted to a network management device, when a terminal is 
connected for every port. The port which transmits terminal information is hereafter 
called an automatic use propriety setting-out port. 

[0033](2) The administrator sets up the use propriety beforehand about the port 

which is not an automatic use propriety setting-out port. 

[0034](3) The administrator sets up beforehand the address of the network 

management device which serves as a transmission destination of terminal 

information. 

[0035](4) When a terminal is newly [ network relay apparatus ] connected in an 
automatic use propriety setting-out port etc., When terminal information should be 
transmitted, the identification key for discriminating terminals, such as a host name, 
from the frame which the automatic use propriety setting-out port received is 
detected, and it transmits to a network management device by making the 
identification key into terminal information. 

[0036](5) Network relay apparatus sets up the port where the terminal is connected 
usable, when the information which shows an access permit from a network 
management device as a reply to transmission of terminal information is received. 
[0037](6) Network relay apparatus sets up the port where the terminal is connected 
improper [ use ], when the information which shows an access inhibit from a network 
management device as a reply to transmission of terminal information is received. 
[0038](7) When a network management device to a reply cannot be found after 
network relay apparatus transmitted terminal information to the network management 
device, it sets up use propriety as specified beforehand the sake [ in this case J. 
[0039](8) Each setting detail (it is called the configuration information on network 
relay apparatus) set up by the above is stored in the memory 209. The junction circuit 
207 uses the configuration information on the network relay apparatus 201 for 
communications processing since then. 

[0040]The processing which the network management device 1 03 performs to below 
is shown. 

[0041 ](1) It has the management table (what made a host name, and an access 
permit/inhibition information correspond, and registered it) 104 of each terminal and 
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the use propriety of a port in the inside, and setting out of this management table can 
be performed from on a management screen. 

[0042](2) When the identification key (host name) which is terminal information is 
transmitted from network relay apparatus, a terminal is searched from the 
management table 104 and the information which shows an access permit or an 
access inhibit is replied to said network relay apparatus. 

[0043](3) The contents of the inquiry (transmit terminal information) from network 
relay apparatus and the reply to the inquiry are recorded as a log. This log can be 
referred to from a management screen. 

[0044]A more concrete flow is explained using drawing 1 . Here, terminal information is 
a host name of a terminal. 

[0045]The No. 1 port of the network relay apparatus 101 - the No. 4 port and the No. 
1 port of the network relay apparatus 102, the No. 3 port - the No. 5 port shall be set 
as an automatic use propriety setting-out port. The No. 5 port of the network relay 
apparatus 101 and the No. 2 port of the network relay apparatus 102 shall be set up 
usable so that a self-opportunity and the terminal connected can communicate with a 
high order network. 

[0046]The address of the network management device 103 shall be set to the network 
relay apparatus 101,102 as an address of the network management device which 
serves as a transmission destination of terminal information. 

[0047]Like [ the network management device 103 ] a graphic display, setting out shall 
be beforehand made by the internal management table 1 04. 

[0048]Now, a host name presupposes that the terminal 105 of red was connected to 
the No. 1 port of the network relay apparatus 101. If a frame is transmitted from the 
terminal 105, the MAC Address of the terminal 105 extracted from the frame will be 
registered into the filtering table (not shown) of the network relay apparatus 101. The 
network relay apparatus 101 detects the IP address of the terminal 105, searches a 
host name with the timing by DNS, and transmits the host name to the network 
management device 103 to it. 

[0049]The network management device 103 searches the data corresponding to the 
host name which received from the management table 104. Since access is set to 
permission, as for the network management device 103, the host name red replies the 
information which shows an access permit to the network relay apparatus 1 01 . 
[0050]The network relay apparatus 101 which received the information which shows 
an access permit makes usable the No. 1 port where the terminal 105 is connected. 
Thereby, the terminal 105 can access a network now via the network relay apparatus 
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101. 

[0051]Similarly, in the No. 3 port of the network relay apparatus 102, a host name is 
set up available, when the terminal 1 05 of red is connected to the No. 3 port of the 
network relay apparatus 102. That is, this terminal 105 can access a network, even if 
it connects with which port of which network relay apparatus. 

[0052]Since access is set to prohibition at the management table 104 when the host 
name of the terminal 105 is blue, the information which shows an access inhibit from 
the network management device 1 03 to the inquiry from the network relay apparatus 
101,102 is replied. Use of the port where the terminal 105 is connected of the network 
relay apparatus 101,102 which received the information which shows an access inhibit 
is made improper. Thereby, the terminal 105 cannot access a network via the network 
relay apparatus 101,102. 

[0053]Since the host name applicable to the management table 104 is not registered 
when the host name of the terminal 1 05 is gray, the data of "others" of the 
management table 104 is referred to and access is set to the data with prohibition, 
The information which shows an access inhibit from the network management device 
103 to the inquiry from the network relay apparatus 101,102 is replied. Since the 
network relay apparatus 101,102 makes improper use of the port where the terminal 
1 05 is connected, the terminal 1 05 cannot access a network via the network relay 
apparatus 101,102. It can prevent making the terminal in which the unknown host 
name is set up by this access a network. 

[0054]The contents of the inquiry and reply from the above network relay apparatus 
are recorded on the network management device 103, and an administrator can refer 
to the log from a management screen behind. 

[0055]When communication with the network relay apparatus 101,102 and the 
network management device 1 03 is not completed and there is no reply to 
transmission of terminal information, the network relay apparatus 101,102 sets up the 
use propriety of a port as it was specified beforehand the sake [ in such a case ]. 
[0056]Thus, the configuration information on the set-up network relay apparatus is 
stored in the memory 209, and is used for communications processing by the junction 
circuit 207. 

[0057]2) As shown in the second embodiment drawing 3 , the network management 

system concerning this invention is provided with the following. 

Two sets of network relay apparatus 101,102 concerning this invention. 

The network management device 103 concerning this invention. 

Network relay apparatus is a switching hub and has the internal configuration shown in 
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drawing 2 , for example. 

[0058]The processing which an administrator performs to below to the processing and 
network relay apparatus which the network relay apparatus of switching hub 201 
grade performs is shown. 

[0059](1) The administrator sets up whether it transmits to a network management 

device by making the user ID into terminal information, when a terminal user's user ID 

(identification information) is beforehand detected from the contents of the data 

received in the port for every port. The port which transmits the detected user ID is 

hereafter called an automatic use propriety setting-out port. 

[0060](2) The administrator sets up the use propriety beforehand about the port 

which is not an automatic use propriety setting-out port. 

[0061](3) The administrator sets up beforehand the address of the network 

management device which serves as a transmission destination of user ID. 

[0062](4) Network relay apparatus transmits to a network management device by 

making the user ID into terminal information, when a terminal user's user ID is 

detected from the contents of the data received in a certain port. 

[0063](5) Network relay apparatus sets up the port where the terminal is connected 

usable, when the information which shows an access permit from a network 

management device as a reply to transmission of user ID is received. 

[0064](6) Network relay apparatus sets up the port where the terminal is connected 

improper [ use ], when the information which shows an access inhibit from a network 

management device as a reply to transmission of user ID is received. 

[0065](7) When a network management device to a reply cannot be found after 

network relay apparatus transmitted user ID to the network management device, it 

sets up use propriety as specified beforehand the sake [ in this case ]. 

[0066](8) The configuration information on the network relay apparatus set up by the 

above is stored in the memory 209. The junction circuit 207 uses the configuration 

information on network relay apparatus for communications processing since then. 

[0067]The processing which the network management device 103 performs to below 

is shown. 

[0068](1) It has the management table (what made user ID, and an access 
permit/inhibition information correspond, and registered it) 104 of each user ID and 
the use propriety of a port in the inside, and setting out of this management table 1 04 
can be performed from on a management screen. 

[0069](2) When the user ID which is terminal information is transmitted from network 
relay apparatus, a terminal is searched from the management table 104 and the 
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information which shows an access permit or an access inhibit is replied to said 
network relay apparatus. 

[0070](3) The contents of the inquiry from network relay apparatus and the reply to 
the inquiry are recorded as a log. This log can be referred to from a management 
screen. 

[0071]A more concrete flow is explained using drawing 3 . 

[0072]The No. 1 port of the network relay apparatus 101 - the No. 4 port and the No. 
1 port of the network relay apparatus 102, the No. 3 port - the No. 5 port shall be set 
as an automatic use propriety setting-out port. The No. 5 port of the network relay 
apparatus 101 and the No. 2 port of the network relay apparatus 102 shall be set up 
usable so that a self-opportunity and the terminal connected can communicate with a 
high order network. 

[0073]The address of the network management device 103 shall be set to the network 
relay apparatus 101,102 as an address of the network management device which 
serves as a transmission destination of user ID. 

[0074]Like [the network management device 103 ] a graphic display, setting out shall 
be beforehand made by the internal management table 1 04. 

[0075]Now, it is assumed that the terminal 105 was connected to the No. 1 port of the 
network relay apparatus 101. Since the frame which has login information from the 
terminal 1 05 will be transmitted if a user with the user ID of a login name "Yamamoto" 
logs in to the terminal 105, The network relay apparatus 101 detects user ID 
"Yamamoto" from that frame, and transmits this user ID to the network management 
device 103. 

[0076]The network management device 103 searches the data corresponding to the 
user ID which received from the management table 104. In this example, since access 
is set to permission to user ID "Yamamoto", the network management device 103 
replies the information which shows an access permit to the network relay apparatus 
101. 

[0077]The network relay apparatus 101 which received the information which shows 
an access permit makes usable the No. 1 port where the terminal 105 is connected. 
Thereby, the terminal 1 05 can access a network now via the network relay apparatus 
101. 

[0078]If similarly a user with the user ID of "Yamamoto" logs in when the terminal 105 
is connected to the No. 3 port of the network relay apparatus 1 02, the No. 3 port of 
the network relay apparatus 102 will be set up available. 

[0079] Also when the user who has the user ID of "Yamamoto" in another terminal 1 06 
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connected to the No. 5 port of the network relay apparatus 1 02 logs in, the No. 5 port 
of the network relay apparatus 1 02 is set up available. That is, whether it uses which 
terminal or the user who uses user ID "Yamamoto" connects a terminal to which port 
of which network relay apparatus, he can access a network. 

[0080]Since access is set to prohibition at the management table 104 when the user 
ID of the terminal 105 is "Kawaguti", the information which shows an access inhibit 
from the network management device 103 to the inquiry from the network relay 
apparatus 101,102 is replied. Use of the port where the terminal 105 is connected of 
the network relay apparatus 101,102 which received the information which shows an 
access inhibit is made improper. Thereby, the terminal 105 cannot access a network 
via the network relay apparatus 101,102. 

[0081]Since the user ID applicable to the management table 104 is not registered 
when the user ID of the terminal 105 is "Yamada", Since the data of "others" of the 
management table 104 is referred to and access is set to the data with prohibition, the 
information which shows an access inhibit from the network management device 103 
to the inquiry from the network relay apparatus 101,102 is replied. Since the network 
relay apparatus 101,102 makes improper use of the port where the terminal 105 is 
connected, the terminal 105 cannot access a network via the network relay apparatus 
101,102. It can prevent making the terminal to which it logs in by this using unknown 
user ID access a network. 

[0082]The contents of the inquiry and reply from the above network relay apparatus 
are recorded on the network management device 103, and an administrator can refer 
to the log from a management screen behind. 

[0083]When communication with the network relay apparatus 101,102 and the 
network management device 103 is not completed and there is no reply to 
transmission of terminal information, the network relay apparatus 101,102 sets up the 
use propriety of a port as it was specified beforehand the sake [ in such a case ]. 
[0084]Thus, the configuration information on the set-up network relay apparatus is 
stored in the memory 209, and is used for communications processing by the junction 
circuit 207. 

[0085]3) As shown in the third embodiment drawing 4 , the network management 

system concerning this invention is provided with the following. 

Two sets of network relay apparatus 101,102 concerning this invention. 

The network management device 103 concerning this invention. 

Network relay apparatus is a switching hub and has the internal configuration shown in 

drawing 2 , for example. 
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[0086]The processing which an administrator performs to below to the processing and 
network relay apparatus which the network relay apparatus of switching hub 201 
grade performs is shown. 

[0087](1) Beforehand, the administrator sets up whether it transmits to a network 
management device by making the IP address of the terminal into terminal information, 
when a terminal is connected for every port. The port which transmits terminal 
information is hereafter called an automatic use propriety setting-out port. 
[0088](2) The administrator sets up the use propriety beforehand about the port 
which is not an automatic use propriety setting-out port 
[0089](3) The administrator sets up beforehand the address of the network 
management device which serves as a transmission destination of an IP address. 
[0090](4) When a MAC Address is newly [ network relay apparatus ] registered to a 
filtering table (not shown) etc., When the IP address of a terminal should be 
transmitted, the IP address of a terminal is detected from the frame which the 
automatic use propriety setting-out port received, and the IP address is transmitted 
to a network management device. 

[0091](5) Network relay apparatus sets up the port where the terminal is connected 
usable, when the information which shows an access permit from a network 
management device as a reply to transmission of an IP address is received. 
[0092](6) Network relay apparatus sets up the port where the terminal is connected 
improper [ use ], when the information which shows an access inhibit from a network 
management device as a reply to transmission of an IP address is received. 
[0093](7) When a network management device to a reply cannot be found after 
network relay apparatus transmitted the IP address to the network management 
device, it sets up use propriety as specified beforehand the sake [ in this case ]. 
[0094](8) The configuration information on the network relay apparatus set up by the 
above is stored in the memory 209. The junction circuit 207 uses the configuration 
information on the network relay apparatus 201 for communications processing since 
then. 

[0095]The processing which the network management device 103 performs to below 
is shown. 

[0096](1) It has the management table (what made an IP address or IP subnet, and an 
access permit/inhibition information correspond, and registered it) 104 of each IP 
address (IP subnet ****) and the use propriety of a port in the inside, and setting out 
of this management table can be performed from on a management screen. Here, IP 
subnet can make a group an IP address and an effective-bits mask value, and can 
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specify two or more IP addresses using this IP subnet. 

[0097](2) When an IP address is transmitted from network relay apparatus, an IP 
address is searched from the management table 104, and the information which shows 
an access permit or an access inhibit is replied to said network relay apparatus. 
[0098](3) When the received IP address and the IP address in agreement are not 
registered into the management table 104, in IP subnet registered into the 
management table 104, Suiting IP subnet with the longest subnet mask length is 
searched, and the access permit/inhibition information corresponding to this IP 
subnet are replied to said network relay apparatus. 

[0099](4) The contents of the inquiry from network relay apparatus and the reply to 
the inquiry are recorded as a log. This log can be referred to from a management 
screen. 

[0100]A more concrete flow is explained using drawing 4 . 

[0101]The No. 1 port of the network relay apparatus 101 - the No. 4 port and the No. 
1 port of the network relay apparatus 102, the No. 3 port - the No. 5 port shall be set 
as an automatic use propriety setting-out port. The No. 5 port of the network relay 
apparatus 101 and the No. 2 port of the network relay apparatus 102 shall be set up 
usable so that a self-opportunity and the terminal connected can communicate with a 
high order network. 

[0102]The address of the network management device 103 shall be set to the network 
relay apparatus 101,102 as an address of the network management device which 
serves as a transmission destination of an IP address. 

[0103]Like [the network management device 103 ] a graphic display, setting out shall 
be beforehand made by the internal management table 104. 
[0104]Now, an IP address presupposes that the terminal 105 of 172.17.33.1 was 
connected to the No. 1 port of the network relay apparatus 101. If a frame is 
transmitted from the terminal 105, the MAC Address of the terminal 105 extracted 
from the frame will be registered into the filtering table of the network relay apparatus 
101. To the timing, the network relay apparatus 101 detects an IP address, and 
transmits the IP address to the network management device 103. 
[0105]The network management device 103 searches the data corresponding to the 
received IP address from the management table 104. Since access is set to 
permission, as for the network management device 1 03, IP address 1 72.1 7.33.1 replies 
the information which shows an access permit to the network relay apparatus 101. 
[0106]The network relay apparatus 101 which received the information which shows 
an access permit makes usable the No. 1 port where the terminal 105 is connected. 
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Thereby, the terminal 105 can access a network now via the network relay apparatus 
101. 

[0107]Similarly, when this terminal 105 is connected to the No. 3 port of the network 
relay apparatus 102, the No. 3 port of the network relay apparatus 102 is set up 
available. That is, this terminal 105 can access a network, even if it connects with 
which port of which network relay apparatus. 

[0108]Since access is set to prohibition at the management table 104 when the IP 
address of the terminal 105 is 172.17.33.2, the information which shows an access 
inhibit from the network management device 103 to the inquiry from the network relay 
apparatus 101,102 is replied. Use of the port where the terminal 105 is connected of 
the network relay apparatus 101,102 which received the information which shows an 
access inhibit is made improper. Thereby, the terminal 105 cannot access a network 
via the network relay apparatus 101,102. 

[0109]When the IP address of the terminal 105 is 172.17.33.3, IP which is in agreement 
with the management table 104 is not registered. In this case, it is suiting IP subnet 
and the data of IP subnet with the longest subnet mask length is used. Therefore, 
since IP subnet of 172.17.33.V24 suits this condition about 172.17.33.3, the 
information which shows a corresponding access permit is replied. 
[0110]Similarly, when the IP address of the terminal 105 is 171.1.1.1., IP subnet 
171.*.*.*/8 suit, and the information which shows an access permit is replied. When 
the IP address of the terminal 105 is 170.1.1.1, IP subnet *.*.*.*/0 suit and the 
information which shows an access inhibit is replied. 

[01 1 1]The contents of the inquiry and reply from the above network relay apparatus 
are recorded on the network management device 103, and an administrator can refer 
to the log from a management screen behind. 

[01 12]When communication with the network relay apparatus 101,102 and the 
network management device 103 is not completed etc., When there is no reply to 
transmission of an IP address, the network relay apparatus 101,102 sets up the use 
propriety of a port as it was specified beforehand the sake [ in such a case ]. 
[0113]Thus, the configuration information on the set-up network relay apparatus is 
stored in the memory 209, and is used for communications processing by the junction 
circuit 207. 

[01 14]4) As shown in the fourth embodiment drawing 5 , the network management 

system concerning this invention is provided with the following. 

Two sets of network relay apparatus 101,102 concerning this invention. 

The network management device 103 concerning this invention. 
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Network relay apparatus is a switching hub and has the internal configuration shown in 
drawing 2 , for example. 

[01 1 5]The processing which an administrator performs to below to the processing and 
network relay apparatus which the network relay apparatus of switching hub 201 
grade performs is shown. 

[01 1 6](1) Beforehand, the administrator sets up whether it transmits to a network 
management device by making the MAC Address of the terminal into terminal 
information, when a terminal is connected for every port. The port which transmits 
terminal information is hereafter called an automatic use propriety setting-out port. 
[01 17](2) The administrator sets up the use propriety beforehand about the port 
which is not an automatic use propriety setting-out port. 
[011 8](3) The administrator sets up beforehand the address of the network 
management device which serves as a transmission destination of a MAC Address. 
[01 19](4) When a MAC Address is newly [ network relay apparatus ] registered to a 
filtering table (not shown) etc., When the MAC Address of a terminal should be 
transmitted, the MAC Address of a terminal is detected from the frame which the 
automatic use propriety setting-out port received, and the MAC Address is 
transmitted to a network management device. 

[0120](5) Network relay apparatus sets up the port where the terminal is connected 
usable, when the information which shows an access permit from a network 
management device as a reply to transmission of a MAC Address is received. 
[01 21 ](6) Network relay apparatus sets up the port where the terminal is connected 
improper [ use ], when the information which shows an access inhibit from a network 
management device as a reply to transmission of a MAC Address is received. 
[0122](7) When a network management device to a reply cannot be found after 
network relay apparatus transmitted the MAC Address to the network management 
device, it sets up use propriety as specified beforehand the sake [ in this case ]. 
[0123](8) The configuration information on the network relay apparatus set up by the 
above is stored in the memory 209. The junction circuit 207 uses the configuration 
information on the network relay apparatus 201 for communications processing since 
then. 

[0124]The processing which the network management device 103 performs to below 
is shown. 

[0125](1) It has the management table (what made a MAC Address, and an access 
permit/inhibition information correspond, and registered it) 104 of each MAC Address 
and the use propriety of a port in the inside, and setting out of this management table 
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can be performed from on a management screen. 

[01 26](2) When a MAC Address is transmitted from network relay apparatus, a MAC 
Address is searched from the management table 1 04, and the information which 
shows an access permit or an access inhibit is replied to said network relay apparatus. 
[0127](3) The contents of the inquiry from network relay apparatus and the reply to 
the inquiry are recorded as a log. This log can be referred to from a management 
screen. 

[0128]A more concrete flow is explained using drawing 5 . 

[0129]The No. 1 port of the network relay apparatus 101 - the No. 4 port and the No. 
1 port of the network relay apparatus 102, the No. 3 port - the No. 5 port shall be set 
as an automatic use propriety setting-out port. The No. 5 port of the network relay 
apparatus 101 and the No. 2 port of the network relay apparatus 102 shall be set up 
usable so that a self-opportunity and the terminal connected can communicate with a 
high order network. 

[0130]The address of the network management device 103 shall be set to the network 
relay apparatus 101,102 as an address of the network management device which 
serves as a transmission destination of a MAC Address. 

[0131]Like [ the network management device 103 ] a graphic display, setting out shall 
be beforehand made by the internal management table 104. 

[0132]Now, a MAC Address presupposes that the terminal 105 of 1 1:1 1:1 1 :1 1:1 1:1 1 
was connected to the No. 1 port of the network relay apparatus 101. If a frame is 
transmitted from the terminal 105, the MAC Address of the terminal 105 extracted 
from the frame will be registered into the filtering table of the network relay apparatus 
101. The network relay apparatus 101 transmits the MAC Address to the network 
management device 103 to the timing. 

[0133]The network management device 103 searches the data corresponding to the 
MAC Address which received from the management table 104. Since access is set to 
permission, as for the network management device 103, MAC Address 
11:11:11:11:11:11 replies the information which shows an access permit to the 
network relay apparatus 101. 

[0134]The network relay apparatus 101 which received the information which shows 
an access permit makes usable the No. 1 port where the terminal 105 is connected. 
Thereby, the terminal 1 05 can access a network now via the network relay apparatus 
101. 

[0135]Similarly, when this terminal 105 is connected to the No. 3 port of the network 
relay apparatus 102, the No. 3 port of the network relay apparatus 102 is set up 
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available. That is, this terminal 1 05 can access a network, even if it connects with 
which port of which network relay apparatus. 

[0136]Since access is set as the management table 104 with prohibition when the 
MAC Address of the terminal 1 05 is 22:22:22:22:22:22, The information which shows 
an access inhibit from the network management device 103 to the inquiry from the 
network relay apparatus 101,102 is replied. Use of the port where the terminal 105 is 
connected of the network relay apparatus 101,102 which received the information 
which shows an access inhibit is made improper. Thereby, the terminal 105 cannot 
access a network via the network relay apparatus 101,102. 
[0137]Since the MAC Address applicable to the management table 104 is not 
registered when the MAC Address of the terminal 105 is 44:44:44:44:44:44, Since the 
data of "others" of the management table 104 is referred to and access is set to the 
data with prohibition, the information which shows an access inhibit from the network 
management device 103 to the inquiry from the network relay apparatus 101,102 is 
replied. Since the network relay apparatus 101,102 makes improper use of the port 
where the terminal 105 is connected, the terminal 105 cannot access a network via 
the network relay apparatus 101,102. It can prevent making the terminal of an 
unknown MAC Address access a network by this. 

[01 38]The contents of the inquiry and reply from the above network relay apparatus 
are recorded on the network management device 103, and an administrator can refer 
to the log from a management screen behind. 

[0139]When communication with the network relay apparatus 101,102 and the 
network management device 103 is not completed etc., When there is no reply to 
transmission of a MAC Address, the network relay apparatus 101,102 sets up the use 
propriety of a port as it was specified beforehand the sake [ in such a case ]. 
[0140]Thus, the configuration information on the set-up network relay apparatus is 
stored in the memory 209, and is used for communications processing by the junction 
circuit 207. 
[0141] 

[Effect of the Invention]This invention demonstrates the outstanding effect like the 
next. 

[0142](1) Only the terminal attested by terminal information, such as a host name 
(identification key), user ID, an IP address, and a MAC Address, can access a network 
now, and network security can be secured. 

[0143](2) Integrated management of the use propriety of a port can be carried out for 
every user using every terminal or a terminal. 
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[0144](3) The information on the splicing terminal for every port and the log of use 
propriety setting out can be referred to. 

[0145](4) The address of the network management device which manages use 
propriety can be set up freely. 

[0146](5) Setting out of the use propriety of the port by this invention cannot be used 
in all the ports, either. 

[0147](6) It can be set up whether setting out of the use propriety of the port by this 
invention is used for every port. 

[0148](7) When there is no reply from a network management device to transmission 
of terminal information, it can be specified beforehand whether what we do with the 
use propriety of the port where the terminal is connected. 

[Brief Description of the Drawings] 

[Drawing 1] It is a lineblock diagram of a network management system showing a first 
embodiment of this invention. 

[Drawing 2] It is an internal configuration figure of a switching hub showing the 
embodiment of the network relay apparatus of this invention. 
[Drawing 3] It is a lineblock diagram of a network management system showing a 
second embodiment of this invention. 

[Drawing 4] It is a lineblock diagram of a network management system showing a third 
embodiment of this invention. 

[Drawing 5] It is a lineblock diagram of a network management system showing a fourth 
embodiment of this invention. 
[Description of Notations] 

101,102 network relay apparatus ......... 

103 Network management device 

104 Management table 

105 Terminal 

[Translation done.] 
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-h^ffl^RlfCtSOT, «S*1 0 5 *7b7- 
^ifilOl, 10 2*ftLT*yh7-*fc7* 

tflftSSftTV^tt***? h7-*fc:7*-feXS-e-* 

[0 0 5 4] tt±©*7 YV-WWmfrbom^ 

b^m$mmfom$*-v vv-^wmn 0 3t^ 

S£ft, ftE*S#tf *0n T^taHffifr SiWS 
[0 0 5 5]^7h7-^Mf5l0 1, 10 2*:* 

7 b7-7ta«« i o 3 k©fflfitfT?tafrofc*£ 

•yh7-^««10l, 1 0 2tt, C©£?£if£ 
©fc&fc^fcJISLTfcT? fcii 5 b ©ff 

[0 0 5 6] d©«fc5£LTig£;*ftfc*y b7-** 
«flOW«, ^U 2 0 9fc&!fi£ft, Ffffim 

2 0 7fc£oTlf3MMJI]2ft§o 
[0 0 5 7] 2) %-®gfflim 
E3fc*Sft5J:5fc, *36IBfcft3*'y b7-7«a 
yXfA(t *5H8fcfli5 2&©*v b7-^*M§l 
10 1, 10 2 4:, *IBfitff«*y b7-^SaSS 
1 0 3Mn e *-yh7-^+«l»{4, WAtf, 



So 

[0 0 5 8] UTfc, X.^7^^72 0 1 §©*7 

b7-^*«WT3saa&tf*-y b7-^«sti 
[0059] ( i ) mmm. b«t, to* 

- bT§fiL£x-£©rt§fr^*ffiffl#©:i-1f I 

Hffifc LT*7 b7-7l : agjlfc£#t&fr£'5fr£ 
10 R£LT6<. ttftbfca— 9* I D*3Sffi*5#-h* 
OT, S»^fflMSS*-bt^'„ 
[0 0 6 0] (2) tPimti, !'l«l«i)li"f^,S)i'*" b 

<o 

[0 0 6 1 ] (3) ta#tt, a— tfl DO^ff^t^ 
S*7 b7-^Bagg07bbX^i6fS£LT*5 

<o 

[0 0 6 2] (4) ^7F7-^*l»i, 
h-PSfibfer-*Ort»^5«*ffifflS03.-if I D 
20 »0L;tii}£, ^oa-tfl D«««LT*7 

b7-7wagKtsf-r§o 

[0 0 6 3] (5) *'yb7-**8«H8ti, a-if I 
D©2HIfcJt*5iaii:LT*y b7-£1Sg«fr& 

ftTV5#- H^ffifflRTIifcSS-rSo 
[0 0 6 4] (6) *7 b7-7^«§5f±, a-tfl 

d o^ft t j*-r s Mil t l r * -y b 7 - * saigas e, 

30 [0 0 6 5] (7) *<yb7-**»«8§H\ *7b7 

- tmmuci.-*f \ DzmiiLm, *7b7-7 

[0 0 6 6] (8) a±tJ;oTtt?nf:^7 b7~ 

t^mmmmmmit^v 2 0 9tis,tt?ft§o w 

tS, *W£2 0 7&, ^7b7-^«lSOtt)g'» 
[0 0 6 7] WTfc, *v b7-^tag« 1 0 3 tffr 

5Ma^f 0 

40 [0 0 6 8] (1) ftn.— «fl Dfc#-hOffifflBl5i: 
OSar-7;b (a-ifiDt7^7-bXffFRl/l±'»a 
k*WiS**TeSLfcfeo) 1 0 4£|*]M^Tfc 

0, taHffi±^e»^osax-77n 0 4©s^t* 

[0 0 6 9] (2) F7-^IBfr5Stl!i 
■pfeSn.— «fl Djtfi£lSftfc$£, tar-77H 0 
4*»6***«WL, 7^-bXf1 ; Bli/ci±7i'-bX»± 
*Stf ffi^tuIB^7 b 7-^*«fimt3llt5o 

[0 0 7 0] (3) *yh7-**»ttffifr&©rai,v& 
50 t>*Rtf*oiB|i^t>*lcJ*t5fifiortS*a^i: t 



[0071] H3*ffl^T, ximmmmwt 

[0 0 7 2] *7h7-^«Bl 0 KDim-h 
~ 4 #4?- b Rlf * 7h7^ «i£g§ 1 0 2 © 1 
-b, 3##-h~5##-htt, gfiffiffl5JS^*° 

-htfg^^nT^atoffSo *7b7-?4« 

til 0 l©5##-bRtf*7 b7-7«$tt§l 0 2 

© 2 b a, sa&tf sis«sn5ffi*tf ±tt* 7 b 

7-7 tljlTf § J; 5 t-flffl Rltgfc^^tlTV^ t 10 

[0 0 7 3] *7h7-^«Bl0 1, 10 

2fcfct a— I D©£flfti:&§*7 b7-7ta« 
t©7 F fc LT* 7 b 7-7taSH 1 0 3 ©7 F 

[0 0 7 4] *7b7-7WSSBl 0 3£it H*© 

[0075] i^t, mi 0 5m-vw-tmm3% 

1 0 1 © 1 S*-KclS2ni^/:^n„ D^V> 20 

* "Yamamo t o" On-tf I D * jfoa— tf #S 
Si 0 5tn^>t5k, *S*1 0 5frP.n*y>1f 
1*!.^ 7l/-i « i £ fti> ©T, *-y h7-i"i'.l 
«SSl 0 1 14, *©7b-Afr6a— If I D "Yam a 
mo to" *tfcfflU con— «fID**vb7-*S 
aSIll 0 3t^M-T5 0 

[0 0 7 6] *7b7-7taSttl 0 3(4, gfltfc 
a— »f I DtMJSLfcr-^^War-7";H 0 44»6 
ttSRtSo a— tfID "Yamamo t 
o" IcftlJt^ZtfmtmfeZtlT^ZtD-?, *7 30 

h r j- immno :ui, 77^to^t«b* 

*7 b7-7««g§l 0 1 tjif tS. 
[0 0 7 7] 7*-fcXttRl*a**1lffi*£eLfc*v b 
7-^*»ffiS 1 0 1 14, iisi* 1 0 ShmffiZftT^Z 

im°-v^m^mct^ etna*), s*ios 

14, *7 b7-7«S§§l 0 l%ftl/C*y b7-7 

[0 0 7 8] |I|«lfC, S*l 0 5tf*7 b7-7*» 
til O203S#-hK8«!Sftfci§£fc, "Yama 
nolo " ©a— tf I D £J§ oa- ftfn £V y-fti 40 

tf, *y b 7-^*«ts i o 2 © 3 b w\m 

[0 0 7 9] f/c, *vV7-t*mmi 0 2©5S 
sK-bKS^SnfeSJOS*! 0 6 K "Yamamo t 
o" oa-if I D?f!oa-#DW>Lfcl^k 

* 7 b 7-7 1 0 2 © 5 b ttfilffl RTftt 
mfeZftZo ■Off), a— if I D "Yamamo t o" 
fcffiffltSa-m H©S**fcfflLTfc, 

* 7 b 7-* *«§§© if ©#- b L T 

t, *7 b7-^t7^-bXt§Cfc^T't§ilt(c4 50 
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So 

[0 0 8 0] ig*l 0 5 ©a— +F I Dff "K awa g u 
t i " ©1£, Sfflr-7VH 0 4lC7ttzm±t 
S££*m^©T\ *7 b7-^«« 10 1,1 

0 2j&»&OHV^fc*lc*fLT*y b7-7f 3S« 1 

X»±^t-1ffB*§flL/t^7b7-^^Wt§l 0 
1, 1 0 2(4, S*l 0 5tfSMSftW5#-h*tt 
jB^nrttSo ChlCXVs Si* 10 5(4, *7b7- 
^IBlOl, 1 0 2%ftLT*yb7-*£7* 

[00 8 1] 4 l £ 1 0 5 ©a— if IDff "Yamad 
a" ©*i£, W3r-7;H 0 5a— «f I D 

^SS?tlTl/^^/t46, Sax-7";H 0 4© "*© 

AS" ©x-^^Mi^n, ; e©7'-^tt47^^x^s 

±i:^^tiT^5©T, *7b7-7*Msl0 
1, 1 0 2*p6©m^£fc-&fc»LT*'yh7-**I 

sb i o 3*^7^-fexs±^-r , if^*M$n§o 

*7b7-7*M§l 0 1, 102(4, ffi*105tf 

taastiT^**-h*flsffl^BrEt*o-p, ran o 

5(4, *7b7-7*»t§5l 0 1, 10 2£ftLT* 
7 b7-7tc77-fexT?>;: i:tfT*#fti\, cnicJ: 
15, 3flJJfta— »f I D^ffifflLTd^^nSiS** 
*7 b7-2fc7?*xs-fr5<:i:*g& 

So 

[0 0 8 2] U±©*7 b7-**»8BSfr5©fi3i/vg. 
fc-fr&tfiUlOrtgH:*? b 7-^Sagfi 1 0 3 fcfB 

[0 0 8 3] *yh7-^**a»l 0 1, 10 2fc* 
7 b7-*WSM 1 0 3 t©lf,!^Tt**^fc^ 
S*'lflS©^fgtWfSJIffiA^^o/ctI#, * 
7h7-^«ill 0 1, 1 02tt, C<D^f^ 

vk#>\z^mn Lxh-o km ►> t b ©ffifflws* 

[0 0 8 4] COidKLTRS^tlfc^'y b7~7* 
««S©«fi£1S*{4, ^tU 2 0 9(«?tl, «0 

s§2 0 7 iL£irmimwtm-£ft%o 

[0 0 8 5] 3) SH©W^1I 
H 4 fcaUttiS J: St, *3BBtff«*y b7-7ta 
'>7fi(i, *^(C^S2^©*7 b7-7*»« 

101, 1 0 2 1, *^j(c^§^7 b7-7taa« 

1 0 3 t^tfSo ^7 b7-7«K(4, 

So 

[0 0 8 6] WTt, X-Y7f->7~VN72 0 1 ^©*7 
b 7— J"Mfi»8§ff fr 3 jaa&tf* 7 b 7-7 * «i§ 
fcttLTf Hi'lB M^-To 

[0087] ( 1 ) ta#a, ^fe*- b«t, s*^' 
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[0 0 8 8] (2) tam, SftffifflRlSSS*- F 

<o 

[0 0 8 9] (3) I P7Fl^X©£f8ft£ 

<o 

[0 0 9 0] (4) *7h7-^ffi8«Sli, 7-<;U* 
U>^r-7;b (H^-fi-f) fcfrfttcMA C7 FbXtf 
{?UZhZ>lti<\kF\ *S*© I P7Fb**aH3*S'< 
t § KM rJ5«^- F 3£ L fc 7 b-Afr 6 
iS*© I P 7 F l^X£#ttB U •€"© I P 7 F bX£*7 

[0 0 9 1] (5)*7F7-^iW, IP7F 
l^X©£{=(c*hr£JI{ifc LT*7 F7-7taiSlfr 
6 7 7 RT**ttif «£§{t L fci§£ N 5!*#S*| 

[0 0 9 2] (6) *7F7-7««Ji;, IP7F 
bX©S{=fc*hrsjIfit LT*7 F7-7t3S«fr 
57*-feXSS±£*t1tffi*£MLfci§S, 

[00 9 3] (7) *7F7-7*«f§ii, *7F7 
-7W3SBK I P7FUX£SfILfc^ *7 F7- 

^ fe^S LT& o fe 43 5 tffiffl RlSOR£*fT 5 o 
[0 0 9 4] (8) «±KJ:-3TR£Sftfe*? F7- 
^JMSOttSflHItt** U 2 0 9fctttt*ftS. » 
», *£SS2 0 7«, *<yh7-**«WS2 0 1<D 

[0 0 9 5] ttTfc, *7 F7-7t3Sttl 0 3» 

?M3»To 

[0 0 9 6] (1) ft I P7FbX (I P-9"7*7 Fit 
tr) 1 4"°- F Offiffl t ©t3r- 7;b ( I P 7 F b 
XTJi I P -9-7*7 Ft7^-feXffFRJ/^ih1fl8i:^ 
JS£-£TSI8L/cfc©) 1 0 4*rt»t»oT*0, f 
SBSLkfr 5 u OSar-7;bOta£A^# So C c 
X\ I P-9"7*7 hit, I P7 FbXt^jjtf-y F vx 
^fii:*fii:-r*tOTfftO, CO I P-?7*7 hm 
^T?It©I P7FUX*^t5Ci:A^#5. 

[0 0 9 7] (2) *vh7-**««Rfr&IP7F 
bXA^ff^tl/c^ WSr-TVH 0 4frS I P7 

[0 0 9 8] (3) Sf=L/cI P7FU^fc-St5 I 
P 7 F bXtfSa-f-7;l/ 1 0 4 fcggtetiTVftm 

tar- i o 4 fcessnT^s i pu-7*? 

F©*?\ fi£*3*fc-9-7*7 Fvx^fi^S^I P 
•?7*y hfcftiHU C© I P -9-7*7 McftJS-f 57 



(7) #12 0 0 2- 1 4 1 9 1 6 
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7*X!fW/«±1tfg£MiE*7 F 7-**«ffl8fciI 

[0 0 9 9] (4) *7F7-?*«^5©FpV£ 

TiEg*5„ C©n7"fi, BlHjiifr 
[0 10 0] 04£ffll>T, ii9*ftw^nw^7 

5o 

[0 10 1] *7F7-7««1 0 l©l##-h 
~ 4 F Rtf * 7 F 7-* «B 1 0 2 © 1 

io -k 3##-h~5##-M4, aiwefflnrsias* 

-htRS^nTVitOfc-r*. *7F7-7«1 
jS 1 0 1 O 5 F Rtf * 7 F 7-^»g 1 0 2 

© 2 f f±, e«3atfSfa*nsisi**»±ffi* y f 

7- 7 fc IftT t § <fc 5 tc <£JI Rr^fCfgS £ tlT ^ § 

[0 1 0 2] g=fc, *7F7-7fp«tll 0 1, 10 
2Ut, 1 P7FPX©»fch&S*7F7-7t3 
£H©7FU*fcLT*7 F7-7taSBl 0 3©7 

20 [0 10 3] *7 F7-7l : fflg« 1 0 3fctt, US© 
i 5 W[*|g|$©t3r— 7> 1 0 4 fcfi^tfft;* ft 
T^?>fc©t7§o 

[0104] ^S, I P7FUX#1 7 2. 1 7. 3 
3. 10**1 0 5*^*7 F7-74>«tll 0 1©1 

i^M^nsfc^ *7 F7-7«®t5l 0 l©7^;b 
^Uy^r-7>t7b-Afra«jffib/ci|7)5 1 0 5© 
MAC7FUXA<SS?tlSo ?"©^^^ ^T'*7 F 
0 1\t, I P7FPX**ttU ^© 
30 I P 7 F UXfc* 7 F 7-^taSB 1 0 3 tSSfit 

5o 

[0 10 5] *7F7-7ta«Bl 0 3tt, gflLfc 

I P7F^fcftjSLfcr-*£tar-7;U 10 4^ 
6«^t5o IP7FbX1 7 2. 1 7. 3 3. 1 «, 
77-bXA^RTfc^?nTV^©T\ *7F7-7t 
9$ttl 0 3f±, 7^tX^^tfS^*7 F7- 
7*«§§1 0 1 tjffifS. 

[0 10 6] 77-bX|^^t1f^g{iL/i*7 F 
7-7*M§§ 1 0 Hi, ^* 1 0 5«?nt^5 
40 l##-h*ffifflRlliK:-r* 0 Ctltit), 4**1 0 5 
It, *7F7-7*«§sl 0 l^LT*7F7-7 
C7^-tXt*Ci:tf-pt4J:3t4«o 

[0 10 7]ra«t, COJgjfU 0 5#*y F7-*tf 
«g§l 0 2©3S#-htg^nfc«^t, *7 F 

7-7 i o 2 © 3 #*- f mmmmcmz 

n§ 0 OS 5, C©S*10 5tt, i?©*7F7-£fp 
8t»8g©i!0#-hteggLTt), *7 F7-7!C77 
-bX-rsct^T'f «Cfct4«. 
[0 1 0 8] S*l 0 5© I P7FUXtfl 7 2. 1 
50 7 . 3 3 . 2©i§£\ t3r-7;H 0 4t77-feX^ 
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m±.tmmiEftT^z>(DT:\ zvhv-wmmi o 

1 , 1 O 2fr5©Hl^fc-£fcflLT*v h7-£WS 

mm i o 3frZ7t*zmikmtmmii-&ft%o 
7 z^7.mfc*mmmmhk* 7 \ v-tmw. 

ffi 1 O 1 , 1 O 2 », 1 O 5 fffflCStlTV&X- 

h7-^*««10 1, 1 0 2*ftLT*?h7-* 

CO 1 0 9] £$1 0 5©I P7FbXtf 1 7 2. 1 
7. 3 3. 3©*fi8\ ear- 7VH 0 4fc-&*3 I 10 

pt>mB2nTi^ 0 ccoms, a^-rsi 

7 hOr-^A^ffl^nSo t£oT, 17 2. 17. 3 
3. 3tO^T(i, 172. 17. 33. */2 4©I 

*XlTOS*tfrf@*«2ti5o 
[0 110] ^*1 0 5©I P7FbXtf 1 7 

1. 1. 1. 1. OH^tt, I PW?H 7 1. 

fl2ft5„ ££l 0 5© I P7Kl/*ffl 70. 1. 20 
1. 1 ©*!•&&, IPit7"*7F*. *. *. */0tf 
1£U 77*XS?±£**lifM{f2n3o 
[0 1 1 1] W±©*yb7-^iflllWBfr5<0BI^ 
*5-&Rl/ii#Ort§{±*y h 7-*W9SB 1 0 3 fcffi 

[0 112]^7h7-^«Kl0 1, 102*:* 
7 h7-^f fflgB 1 0 3 fc©5MtfT?Sftfrofc»£ 
42, I P 7 F U^OSJfflt JWS5gjatf fc* 

*7b7-^fl»l 0 1, 10 2«, C©£? 30 
&i§£©/ci&t^ 46Sf£ LTfe-^ fcSS D h ©$ffl 

[0 113] COAdfcbTRSSftfe^y h7-£i*> 
«8S©#Mt}«, ;^U 2 0 9fc*g»£ft, «0 

s§2 o 7 ic£?Tmmmicm2ft%o 
[o 1 1 4] 4) mmmm 

ioi, i o 2 i:, *mmic&%*y h 7- ^ tasa 

1 0 3 tmtZo *y b7-**»«t8l±> 0fl*tf, 40 
X-f 7f>^A7?$ D , 0 2 fc* LfcrtSSKfKfcE* 

[0 115] J-xTfc, X'f 7^^7*2 0 lfO*-ji 
h 7 - 7 5 fflSRtf * 7 h 7 - 7 

[0116] (i) wa#&, ^sp-bftic, 

BBK£ttfcJ§££, *©iS*OM A C 7 F UX£4g*1f 
lixt LT*7 h 7- 7t3IS»ciMfl*£fr H 3 fr£lS 

mw&fet'-bmSo 50 
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[0 117] (2) Wffl#f±, 

<o 

[0118] (3) mmm, MkcTYuzcomm 

tZZZy h7-^taSH07KbX^feS£LT 

[0 119] (4) *7h7-7fp«§§ii, 7-r;l/2 
yy^7-7> IcmdcUACTVUT,^ 

sn^n-sn^ft t\ s*©m a c 7 f u**ani* § 

5Si*©MAC7KU*£tfc[iJU J N)MAC7FUX 
£*7 h7-*tS!Sii ( 

[0 12 0] (5) *yh7-**««88ti\ MAC7 
FUX©JMfi(cM1-5iIfflfc LT*7 h7-^«aSK 
6 7 7 -fe 7.fFRl^/TN-rif fg£§« L /cif 

[0 12 1] (6) h7-^*««ggl±, MAC7 

Fbxost icmzmt it*? w-zm mm. 

[0 12 2] (7) *-yb7-*«tti«S8H\ *7 h7 
-* i taSWcMAC7FbX«M{iLfdS, *7 F7 

[0 12 3] (8) W±lc«J:oTR£«tifc*'y b7- 

^wm-ifcwjsifigiiytu 2 o 9t«»i?n-5o « 

If, *»SS2 0 7«, ^-y h7-^«St§2 0 1 © 

[0124] OTt, * v F7-^wasai o zim 

[0 12 5] (1) mAC7¥\yXtt°~b0Dmm 
§^©ia7-7'Vb (MAC7FbXi:7^-bXfW/ 

[0 12 6] (2) *y h7-^*»«88*^MAC7 
FbX^ilflJn/cil^, W9t-7;H 0 4A^MA 
C7KUX£$&jgU 77-tXl^f fct±7f-bX^± 

^^MIE*7 h 7-^*«»BEigflt*o 
[0 12 7] (3) *y h7-^fp»§5*^W^ 

[0128] i5»^, ^mmmtizmt 

[0 12 9] *y F7-^cp«8»l 0 KD1#*°-F 
- 4 h&tf^7 h 7-^* UK 1 0 2 © 1 
-h, 3St°-h~5S^-ht±, iftffifflWSISS* 
-Hc»£*nT^5feOi:-r«. *7h7-^ffiM 
§§1 0 l©5S#-h&y^7h7-74'M§5l 0 2 
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[0 1 3 0] *y F7~*«» 0 1, 10 
2ttt, MAC7FPXO^fl5fetS5*7 F7-£ ! t 
a««©7FbX£:LT*y F7-^§aSBl 0 3© 
7Kl/*)b*K£Sft'TVSt>©i:?-S. 

[0 13 1] *'>F7-*SSSBl 0 3fctt, H^© 

[0 13 2] Vf, MAC7FbXtf 1 1 : 1 1 : 1 
i:ii:ii:i 1©S*1 0 5*^-7 F 7-^7 ffflt 

Bioioi f tffiH^nfc ttZo tarn 1 0 

5fr57b-AfrWt2ft5fc, *-y F7-*fMHSB 
1 0 1 to? 4 )]/ZVy>fT-7Mc-7V-LdS>t>m\L 
0 5dMAC7FbXA ! !Si|^n§ 0 ^©£^ 

F7-**«»8Si oifct, ^©MAC7 

FUX£*7 b7-^gggKl 0 3JCi£jI*3 0 
[0 13 3] *-y F7~7f 8^1 1 0 3f4, gflLfc 
MA C 7 Fb7,t^jSL/cT-^%tIlr-7";l/ 1 0 4 
fre>$%tZo MAC7FUX1 i:ii:ii:i 

1:11:11^ rti'zffmtfGfe-gftTv&Q 

T\ *y h7-^Sagttl 0 314, 7^XffF^£^ 
tiVil**-y F7-^«« 1 0 1 tilers. 
[0 13 4] 7^XlTO^«fG£§{f L/c*-y F 
7-^fpMttil 0 Hi, 41*1 0 5A^S8R?nTV5 

iStf-Ffci&preEfrs,, utxt^D, ssios 

li, *-y h7-*tf>«affil 0 lfcftLT*-yF7-* 
Kl 0 2©3#3tf-F(c8&;?nfci§St>, *vF 

7-^««i 0 2<D3$$-himmmKmz 

tlSoOfD, £©^*1 0 5tt, ifO*7h7— i'* 
«t5©H©^Ffcjg|fLTfc, *-y F7-£fc7£ 

[0 13 6] jS*1 0 5©MAC7FUX#2 2 : 2 
2:22:22:22:22 WSx-7;l/ 1 0 

4fc7^Xfr'itihtt§£2ftTb^©T\ *-y F7- 
y*« 1 0 1, 1 0 2*r5©|W^fe£fcttLT* 
■yh7-^Sa»Kl 0 3*5 7^ -txlit^t'lffg 

h7-^»10 1, 1 0 2(4, 0 5*«a 

1 0 5(4, *»yh7-4"f«««l 0 1, 10 2£ftL 
T*7 F7-^(c7^Xt£i:fctfT£&t\ 
[0 1 3 7] 18*1 0 5©MAC7FbX*M 4 : 4 
4:44:44:44:44 <DJ§£ X S3r-7;1/ 1 0 
4(c^a-r§MAC7FbX^li5^nTi/^l/^cft, 
Sa7-7";H 0 4© "^Offi- <DT-*1ffllli£tU 
^©T-2(C(47^Xtf|S±£f3£2tlTl^©T% 
*«y F7-^llll 0 1,1 0 2fr6©IBI^£t>& 
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§0 
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[0 14 5] (4) fyffiRJS£tffit£*-y F7-^1S 

asa©7 f i itssts c t # T?t «. 
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[0 14 7] (6) *SS$£J;5#-F0iflJJBRr£0fS 
40 [0 14 8] (7) ^*'»fg©iMftWt§*7 F7- 
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a->X7A©lJSHTfe5o 
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